Cool, it's actually a legitimate exploit <http://www.wired.com/news/mac/0,2125,63528,00.html?tw=newsletter_topstories_html>... click on the link in the middle of the article! Though, not of great utility to a hard core malicious hacker (since you are limited only to the current user's account unless you can trick the user into entering an admin password), it's still enough of a threat to be a problem to warrant immediate action by Apple. Now, the salient question (re: key stroke logger for example) is whether it's possible to install an application/script that will run at login time without requiring the entry of a password to set up? To modify cron you require admin password IIRC (I've forgotten the nitty gritty b/c cron's been running my Applescript beautifully for the past three months :). To modify the System Prefs login list might not require an admin password -- it seemed like I just managed to do that without having to authenticate myself. I suppose a malicious script could modify the prefs file directly. Of course, in all of this, the only thing that's vulnerable is the account of the user that gets infected (the beauty of Unix ;). The fix from Apple should (will?) be quite simple: 1. stop the Help Viewer from executing scripts automagically unless they're explicitly allowed by the user or not initiated by a web browser; 2. stop Disk image (or whatever it's called in OS X) from executing Applescripts (I thought Apple had done that... or at the very least turned off that behaviour by default... it seems like that was an old vulnerability). Eric. _________________________________________________________________ Add photos to your messages with MSN Premium. Get 2 months FREE* http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http://hotmail.com/enca&HL=Market_MSNIS_Taglines _________________________________________________ For information concerning the MUGLO List just click on http://muglo.on.ca/Pages/joinus.html Don't forget to periodically check our web site at: http://muglo.on.ca/